From f5ef3c105bee3a52486d7b55cef3330fcde9bca6 Mon Sep 17 00:00:00 2001 From: Eric Van Hensbergen Date: Sun, 8 Jan 2006 01:04:56 -0800 Subject: [PATCH] [PATCH] v9fs: fix fd_close If a 9pfs server crashes, v9fs_fd_close() is called. Subsequently, in cleaning up by performing a umount() on the FS that was provided by this server v9fs_fd_close() is called again, and uses the old, freed valus of trans->priv. This patch ensures that trans->priv can be freed only once, otherwise this function bails early. Signed-off-by: Michal Ostrowski Signed-off-by: Eric Van Hensbergen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/9p/trans_fd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/9p/trans_fd.c b/fs/9p/trans_fd.c index 63b58ce98ff..b7ffb985958 100644 --- a/fs/9p/trans_fd.c +++ b/fs/9p/trans_fd.c @@ -148,12 +148,12 @@ static void v9fs_fd_close(struct v9fs_transport *trans) if (!trans) return; - trans->status = Disconnected; - ts = trans->priv; + ts = xchg(&trans->priv, NULL); if (!ts) return; + trans->status = Disconnected; if (ts->in_file) fput(ts->in_file); -- 2.41.1